38 lines
875 B
YAML
38 lines
875 B
YAML
---
|
|
- name: Install OpenApply prerequisite packages
|
|
ansible.builtin.apt:
|
|
name:
|
|
- ca-certificates
|
|
- curl
|
|
- git
|
|
- gnupg
|
|
- ufw
|
|
- build-essential
|
|
state: present
|
|
update_cache: true
|
|
cache_valid_time: 3600
|
|
|
|
- name: Configure UFW for production web access
|
|
when: openapply_app_enable_firewall | bool
|
|
block:
|
|
- name: Set default incoming firewall policy
|
|
community.general.ufw:
|
|
direction: incoming
|
|
default: deny
|
|
|
|
- name: Set default outgoing firewall policy
|
|
community.general.ufw:
|
|
direction: outgoing
|
|
default: allow
|
|
|
|
- name: Allow required TCP ports
|
|
community.general.ufw:
|
|
rule: allow
|
|
port: "{{ item }}"
|
|
proto: tcp
|
|
loop: "{{ openapply_app_allowed_tcp_ports }}"
|
|
|
|
- name: Enable UFW
|
|
community.general.ufw:
|
|
state: enabled
|